The present invention relates to wireless personal area networks and wireless local area networks. More particularly, the present invention relates to systems, methods, devices, and computer program products for increasing security and providing secure authentication of devices in a wireless personal area network or wireless local area network environment.
The International Standards Organization's (ISO) Open Systems Interconnection (OSI) standard provides a seven-layered hierarchy between an end user and a physical device through which different systems can communicate. Each layer is responsible for different tasks, and the OSI standard specifies the interaction between layers, as well as between devices complying with the standard.
FIG. 1 shows the hierarchy of the seven-layered OSI standard. As seen in FIG. 1, the OSI standard 100 includes a physical layer 110, a data link layer 120, a network layer 130, a transport layer 140, a session layer 150, a presentation layer 160, and an application layer 170.
The physical (PHY) layer 110 conveys the bit stream through the network at the electrical, mechanical, functional, and procedural level. It provides the hardware means of sending and receiving data on a carrier. The data link layer 120 describes the representation of bits on the physical medium and the format of messages on the medium, sending blocks of data (such as frames) with proper synchronization. The network layer 130 handles the routing and forwarding of the data to proper destinations, maintaining and terminating connections. The transport layer 140 manages the end-to-end control and error checking to ensure complete data transfer. The session layer 150 sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. The presentation layer 160 converts incoming and outgoing data from one presentation format to another. The application layer 170 is where communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified.
The IEEE 802 Committee has developed a three-layer architecture for local networks that roughly corresponds to the physical layer 110 and the data link layer 120 of the OSI standard 100. FIG. 2 shows the IEEE 802 standard 200.
As shown in FIG. 2, the IEEE 802 standard 200 includes a physical (PHY) layer 210, a media access control (MAC) layer 220, and a logical link control (LLC) layer 225. The PHY layer 210 operates essentially as the PHY layer 110 in the OSI standard 100. The MAC and LLC layers 220 and 225 share the functions of the data link layer 120 in the OSI standard 100. The LLC layer 225 places data into frames that can be communicated at the PHY layer 210; and the MAC layer 220 manages communication over the data link, sending data frames and receiving acknowledgement (ACK) frames. Together the MAC and LLC layers 220 and 225 are responsible for error checking as well as retransmission of frames that are not received and acknowledged.
FIG. 3 is a block diagram of a wireless network 300 that could use the IEEE 802 standard 200. In a preferred embodiment the network 300 is a wireless personal area network (WPAN), or piconet. However, it should be understood that the present invention also applies to other settings where bandwidth is to be shared among several users, such as, for example, wireless local area networks (WLAN), or any other appropriate wireless network.
When the term piconet is used, it refers to a network of devices connected in an ad hoc fashion, having one device act as a coordinator (i.e., it functions as a server) while the other devices (sometimes called stations) follow the time allocation instructions of the coordinator (i.e., they function as clients). The coordinator can be a designated device, or simply one of the devices chosen to function as a coordinator. One primary difference between the coordinator and non-coordinator devices is that the coordinator must be able to communicate with all of the devices in the network, while the various non-coordinator devices need not be able to communicate with all of the other non-coordinator devices.
As shown in FIG. 3, the network 300 includes a coordinator 310 and a plurality of devices 321-325. The coordinator 310 serves to control the operation of the network 300. As noted above, the system of coordinator 310 and devices 321-325 may be called a piconet, in which case the coordinator 310 may be referred to as a piconet coordinator (PNC). Each of the non-coordinator devices 321-325 must be connected to the coordinator 310 via primary wireless links 330, and may also be connected to one or more other non-coordinator devices 321-325 via secondary wireless links 340, also called peer-to-peer links.
In addition, although FIG. 3 shows bi-directional links between devices, they could also be unidirectional. In this case, each bi-directional link 330, 340 could be shown as two unidirectional links, the first going in one direction and the second going in the opposite direction.
In some embodiments the coordinator 310 may be the same sort of device as any of the non-coordinator devices 321-325, except with the additional functionality for coordinating the system, and the requirement that it communicate with every device 321-325 in the network 300. In other embodiments the coordinator 310 may be a separate designated control unit that does not function as one of the devices 321-325.
Through the course of the following disclosure the coordinator 310 will be considered to be a device just like the non-coordinator devices 321-325. However, alternate embodiments could use a dedicated coordinator 310. Furthermore, individual non-coordinator devices 321-325 could include the functional elements of a coordinator 310, but not use them, functioning as non-coordinator devices. This could be the case where any device is a potential coordinator 310, but only one actually serves that function in a given network.
Each device of the network 300 may be a different wireless device, for example, a digital still camera, a digital video camera, a personal data assistant (PDA), a digital music player, or other personal wireless device.
The various non-coordinator devices 321-325 are confined to a usable physical area 350, which is set based on the extent to which the coordinator 310 can successfully communicate with each of the non-coordinator devices 321-325. Any non-coordinator device 321-325 that is able to communicate with the coordinator 310 (and vice versa) is within the usable area 350 of the network 300. As noted, however, it is not necessary for every non-coordinator device 321-325 in the network 300 to communicate with every other non-coordinator device 321-325.
FIG. 4 is a block diagram of a device 310, 321-325 from the network 300 of FIG. 3. As shown in FIG. 4, each device (i.e., each coordinator 310 or non-coordinator device 321-325) includes a physical (PHY) layer 410, a media access control (MAC) layer 420, a set of upper layers 430, and a management entity 440.
The PHY layer 410 communicates with the rest of the network 300 via a primary or secondary wireless link 330 or 340. It generates and receives data in a transmittable data format and converts it to and from a format usable through the MAC layer 420. The MAC layer 420 serves as an interface between the data formats required by the PHY layer 410 and those required by the upper layers 430. The upper layers 430 include the functionality of the device 310, 321-325. These upper layers 430 may include TCP/IP, TCP, UDP, RTP, IP, LLC, or the like.
Typically, the coordinator 310 and the non-coordinator devices 321-325 in a WPAN share the same bandwidth. Accordingly, the coordinator 310 coordinates the sharing of that bandwidth. Standards have been developed to establish protocols for sharing bandwidth in a wireless personal area network (WPAN) setting. For example, the IEEE standard 802.15.3 provides a specification for the PHY layer 410 and the MAC layer 420 in such a setting where bandwidth is shared using time division multiple access (TDMA). Using this standard, the MAC layer 420 defines frames and superframes through which the sharing of the bandwidth by the devices 310, 321-325 is managed by the coordinator 310 and/or the non-coordinator devices 321-325.
Of particular interest is how individual devices 321-325 are authenticated when they wish to join an existing network 300. This is always a concern with wireless networks, and is particularly of concern with WPANs.
Security in a WLAN with respect to device authentication is not generally too difficult to achieve. A WLAN by definition has access to a wired infrastructure. This wired infrastructure can generally be used to contact a remote site that can be used for verification. Such a remote site could be a database maintained by the network, the Internet, etc. In the case of a remote database, a network could access stored information that can authenticate the new device. In the case of the Internet, the network could contact a third-party site that provides authentication services. Such trusted third-party sites can ensure identities and provide security certifications for new devices that wish to join a network.
However, this is not necessarily the case with WPANs. A WPAN may or may not have access to a wired infrastructure. If not, some other way must be provided to authenticate new devices and ensure that authenticated devices may be allowed into a network.
Regardless of how it is done, authentication relies upon a trusted third party. Whether by digital signature or otherwise, the trusted third party makes certain that the new device is indeed what it says it is, and may properly be allowed to join a network.
Using digital signatures, for example, each device has means by which it can send a digital signature. If a first device wants to authenticate the identity of a second device, the first device asks for the second device's digital signature. The second device passes this digital signature to the first device, which takes that digital signature to a trusted third party, e.g., a trusted third party site on the Internet. The trusted third party then tells the first device who that signature belongs to, verifying the second device's identity from a known and trusted source. The second device can also do this to verify the identity of the first device.
This works well if the network has access to a remote trusted third party, as could be accomplished by being connected to the Internet. A WPAN may not have that luxury. Therefore, it would be desirable to provide a secure method of authenticating a device in a wireless network.
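The following Go program is an added illustration of the trusted-third-party authentication described in the preceding paragraphs; it is not code from the patent and does not represent its claimed method. It makes one design assumption that addresses the WPAN case just raised: instead of each device contacting the third party at join time, the third party enrolls each device in advance by signing a credential (device identity bound to the device's public key), and every device carries the third party's public key as a pre-provisioned trust anchor. A joining device then proves its identity offline by presenting its credential and signing a fresh challenge from the verifier; running the exchange in both directions gives the mutual verification mentioned in the text. Device names (`camera-01`, `pda-07`), the `ttp-credential-v1` and `piconet-auth-v1` labels, and the type and function names are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Credential is what the trusted third party (TTP) issues at enrollment:
// a device identity and its public key, bound together by the TTP's signature.
type Credential struct {
	DeviceID string
	PubKey   ed25519.PublicKey
	TTPSig   []byte
}

// credentialBytes is the canonical message the TTP signs. The fixed label and
// separator keep a credential signature from being confused with any other
// message the TTP might sign (constructed domain-separation label).
func credentialBytes(id string, pub ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte("ttp-credential-v1\x00"))
	h.Write([]byte(id))
	h.Write([]byte{0})
	h.Write(pub)
	return h.Sum(nil)
}

// challengeBytes is the message a device signs to answer a verifier's nonce.
// The label prevents a device from being tricked into signing a credential.
func challengeBytes(nonce []byte) []byte {
	return append([]byte("piconet-auth-v1\x00"), nonce...)
}

// TTP is the trusted third party. Its public key is the trust anchor every
// device carries; only the TTP holds the matching private key.
type TTP struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewTTP() (*TTP, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &TTP{pub: pub, priv: priv}, nil
}

// Enroll binds a device identity to a public key. In a deployment this happens
// out of band, while the device still has a path to the TTP.
func (t *TTP) Enroll(id string, pub ed25519.PublicKey) Credential {
	return Credential{DeviceID: id, PubKey: pub, TTPSig: ed25519.Sign(t.priv, credentialBytes(id, pub))}
}

// Device is a piconet member: its own key pair, the credential the TTP issued
// for it, and the TTP public key it was provisioned to trust.
type Device struct {
	Cred   Credential
	priv   ed25519.PrivateKey
	anchor ed25519.PublicKey
}

func NewDevice(id string, t *TTP) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Cred: t.Enroll(id, pub), priv: priv, anchor: t.pub}, nil
}

// Response is what a prover sends back: its credential plus a signature over
// the verifier's fresh nonce, proving it holds the credentialed private key.
type Response struct {
	Cred Credential
	Sig  []byte
}

// NewChallenge returns a fresh random nonce; a new one per attempt defeats replay.
func NewChallenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

func (d *Device) Respond(nonce []byte) Response {
	return Response{Cred: d.Cred, Sig: ed25519.Sign(d.priv, challengeBytes(nonce))}
}

// Verify accepts a peer only if (1) its credential carries a valid signature
// from the trusted third party and (2) it proved possession of that
// credential's private key over this particular nonce. No network access needed.
func (d *Device) Verify(nonce []byte, r Response) error {
	if len(r.Cred.PubKey) != ed25519.PublicKeySize {
		return errors.New("malformed credential public key")
	}
	if !ed25519.Verify(d.anchor, credentialBytes(r.Cred.DeviceID, r.Cred.PubKey), r.Cred.TTPSig) {
		return errors.New("credential not issued by the trusted third party")
	}
	if !ed25519.Verify(r.Cred.PubKey, challengeBytes(nonce), r.Sig) {
		return errors.New("peer did not prove possession of the credentialed key (wrong key or replayed response)")
	}
	return nil
}

func main() {
	ttp, _ := NewTTP()
	a, _ := NewDevice("camera-01", ttp) // constructed device identities
	b, _ := NewDevice("pda-07", ttp)
	n1, _ := NewChallenge()
	fmt.Println("A verifies B:", a.Verify(n1, b.Respond(n1)))
	n2, _ := NewChallenge()
	fmt.Println("B verifies A:", b.Verify(n2, a.Respond(n2)))
	rogue, _ := NewTTP() // an issuer nobody was provisioned to trust
	r, _ := NewDevice("pda-07", rogue)
	fmt.Println("A verifies impostor:", a.Verify(n1, r.Respond(n1)))
}
```

The two checks in `Verify` are deliberately separate: the first is the "who does this signature belong to" question the text assigns to the trusted third party, answered here from the pre-distributed anchor; the second ties that identity to the live exchange, so a captured response cannot be replayed against a later challenge, and a credential copied from a legitimate device is useless without its private key.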
Preferred embodiments of the present invention will be described below. And while the embodiments described herein will be in the context of a WPAN (or piconet), it should be understood that the present invention also applies to other settings where bandwidth is to be shared among several users, such as, for example, wireless local area networks (WLAN), or any other appropriate wireless network.